Don’t have heartburn over the Heartbleed Vulnerability

There’s a new security issue in the news that many people are worried about. It’s called the “Heartbleed vulnerability.” There’s a lot of confusion around it, especially about what most people should be concerned about and do about it. To help you understand what’s going on and not panic, here are some answers to FAQs (frequently asked questions):

What is the Heartbleed vulnerability?

The Heartbleed vulnerability is a problem that affects SSL, the technology that helps protect your information on the Internet. You’re likely most familiar with SSL when you shop online or enter sensitive information on a site and see the “lock” that tells you your information is protected.

What’s wrong with SSL?

The specific problem here is a flaw that affects some of the websites that use SSL. This flaw can make it possible for someone to get access to the information that SSL is protecting.

What does this mean for me?

This means that information that you thought was being protected by SSL may not be as safe as you (or anyone) thought. Sensitive information like passwords, credit card information, or other personal information could have been exposed to others without your knowing.

How do I fix this?

You don’t. In this case, this isn’t a problem with your computer or devices. It’s a problem that websites have to take care of by fixing SSL on their site.

Can I tell if a site has this problem?

Unfortunately, not really. This is something that only the people running the site can know for sure.

Is there anything I can do to protect myself?

While you can’t protect yourself from this specific issue, you can take some steps to protect yourself from effects that this issue might have. Specifically, you can do the following:

This is a new situation and there’s always a lot of confusion and conflicting information in these situations. The important thing is to not panic, follow the steps that we’ve outlined, let the people who can fix this do so, and follow any additional instructions they give.


Changing a password would help, but if the site is still unpatched, your credentials might still be at risk of being exposed if an attack happens after you changed your passwords, right?

Joseph

My bank does not make it obvious how to change password and has not notified me or, I assume, other clients re: Heartbleed... wrong behavior.

George

That doesn’t sound right. I would call that lousy service! Even my bank (USBancorp) issued me a new card even though my account was not affected by Heartbleed.

S. Royce

Why would your bank send you a new card? Heartbleed has nothing to do with cards. It’s the info they can get from your password and there is really no way to know if a business has been compromised. And as far as bashing B of A, it’s been shown that they are not vulnerable. Looks like you’re just a USBancorp troll.

Al Varnell

It won’t help to change your password on a site that is still vulnerable; in fact, it probably puts your new password in even more jeopardy. Users should wait to be informed by the site that it was infected and is not patched and safe to use before changing their password.

chris

My bank is listed as vulnerable. They have not had a new certificate since February and they are a grade F. I have been in touch with them but the advisor couldn’t give me any real advice except a regeneration of accounts which can take 7 days. The media says change all passwords but surely unless they have addressed the situation at their end by an updated certificate, then is it not risky to log on to change the password while the site is still vulnerable? Shouldn’t a bank prioritise sorting this and keeping customers informed?

George

Chris: Keep an eye on your account(s). You probably should change banks. Beware of Bank of America, JPMorgan Chase, Citigroup. It seems like I read every now and then that they are always in trouble with the Federal Government. One bank that stays OUT of trouble is US Bank (USBancorp) Stock symbol: USB. OR try a credit union.

Just a Person

Go to a Credit Union. They are better than banks because they usually give back to the community you live in. I always get great customer service when I go into, email, or call my credit union or use those that are in their network. Plus, my credit union did a check and they found no issues.

ngrrsn

Thank you! I was worried about this, and I know some people that are in near panic about it. There is a lot of confusing information out there. Your calm, clear, consumer level explanation was just what we needed!

Americans Right to Privacy Recommends: Visit http://www.americansrighttoprivacy.com and purchase the Patriot Privacy Package which includes not only secure e-mail but two services that will protect you against this severe threat. One touch VPN but choose the L2TP protocol when connecting and DigitalSafe which will not only store and secure your passwords but also has the valuable password generator tool which will allow you to change your password securely!

Please note: The reason why DigitalSafe will protect you against this ongoing threat is the fact that not only do you store and secure your username and password but you put the link to the particular website on the note as well. You access the secure website through DigitalSafe and by encrypting the data before it is sent not during neutralizes the Open Source “Heartbleed” bug.

Bill

I recently switched from Cox to ATT. Trend informs their certificate is out of date. Should I be concerned?

scotty1

Two days ago, a large majority of U.S. citizens e-filed their taxes. Is there any information on the security risk of transferring information to places like Intuit (TurboTax) or directly to the IRS?

Kamoni

At least the Huffpost had an article that listed websites that have fixed their vulnerabilities to heartbleed. I know Yahoo, Facebook, Instagram, and Twitter have addressed it so you should be able to change your passwords now on those sites.

I had Norton before switching to Trend Micro and I just got an email from them today regarding Heartbleed. It has a link to click on called Safeweb – Heartbleed Check. You can enter a web address and they check the site for you and let you know almost immediately if the site is safe.

MB

Chris, you say your bank is listed as vulnerable? How did you find that info?
Thanks,

Pamela Jones

My credit card number was stolen last month and we aren’t sure which site it was taken from. My card issuer has sent me a new card and taken care of the charges that were made but I am afraid to use the new card with any site because I don’t want it to happen again. How can I be sure that it won’t?